Myriad standards exist for configuring, maintaining, and auditing computer infrastructures and the data that is stored by the infrastructures. The standards are often many-faceted and may be industry-specific. For example, entities in healthcare, financial, federal government, and other industry sectors making use of computer infrastructures may be subject to certain standards. Some standards may be regulatory in nature, such as Securities and Exchange Commission (SEC) regulations for publicly traded companies. Standards may overlap and require similar policy, configuration, and management enforcement and auditing measures. Other standards may have unique requirements that are specific to a particular industry sector.
Entities that are subject to standards may wish to use various computing infrastructure services. Some services, for example, provide a wide range of resources to an entity without requiring the entity to maintain a computer infrastructure. As one example, a provider may supply dynamically scalable and virtualized resources as services over the Internet. The provider typically supplies computers on which the entities can run their applications and store their data. For example, the entities may upload applications, libraries, data, network resources, directory resources, and associated configuration settings to the provider's storage repository and request a number of virtual machines (i.e., server instances), on which they can load their applications. The entities also may increase or decrease, as needed, how much central processing unit (CPU) and storage capacity is needed to run the applications.
An entity using these services, although not maintaining a computing infrastructure, must nevertheless comply with standards that pertain to the configuration, maintenance, and auditing of its data. Consequently, the entity may need to expend a substantial amount of time and resources to configure and maintain its data, resources, and activity logs in manner that is compliant with applicable standards. Furthermore, using these services may complicate these tasks, because providers do not provide functionality that allows entities to configure resources to comply with such standards. Accordingly, the time and expense necessary to configure computing resources for standards compliance may present a significant barrier to entry for entities that may otherwise use computer infrastructure services. Therefore, there is a need for improved systems and methods that facilitate standards compliance for entities that use computer infrastructure services.